Basic Policies for Information Security
In recognition that information related to business activities must be shared and used appropriately under safe and sure management, Amano has placed this as one of its key management initiatives. The "Basic Policies for Information Security" was established as a part of enhancing internal control.
Information Security Management System
Amano Corporation - Basic Policies for Information Security
Amano Corporation (the company herein) is a company that provides products, solutions, and service related to Time & Ecology. The company's officers and employees and all others who handle the company's information are committed to deepening their understanding of the importance of information security. Based on the Basic Policies for Information Security they will seek to maintain and improve social credibility and business continuance by preventing, correcting information leakage.
- Applies to all tangible, intangible forms of information. In addition, we will guide all third parties to comply who handle the same information as the company.
- Information security framework
- The company, based on the "Basic Policies for Compliance", has revised all information related rules and regulations and has appointed persons in charge of information management in all business divisions. By this the company has established a company wide framework for information security.
- Compliance with laws and regulations
- The company will comply with all laws and regulations related to information security such as Personal Information Protection Act, and will honor the contracts with customers.
- The management of information assets
- The company will take measures to maintain confidentiality, integrity, and availability of its information assets.
- Confidentiality: restricted to only those authorized to have access to information assets.
- Integrity: the accuracy and integrity of information assets will be protected.
- Availability: ensuring that the information is available when necessary.
- The prevention measures against information security incidents
- The company will do all that is possible to prevent information security incidents. In an unlikely event that an incident does occur, the company will take appropriate actions and formulate relapse prevention measures.
- Information security education
- The company educates and enlightens all employees for the purpose to deepening their understanding of the importance of information security and to improve the technology.
- Continuous improvement
- The company will endeavor to continuously revise and the improve Basic Policies for Information Security and all related rules and regulations.
Established 24th March 2008
Revised 3rd March 2010
Initiatives for Information Security Management
Formulating rules for information security management
In March 2010, we formulated our new "Information Security Management Rules" based on our Information Security Management System (ISMS). Stipulations in our "Personal Information Protection Management Rules" that are common to the new rules were reviewed and integrated into a single system. The newly formulated rules were implemented in April 2010.
Training on Information Security Management/Personal Information Protection
Conducting training for all employees (e-learning)
At Amano, we provide periodic training on information security management and personal information protection every year for all of our employees, including those working at Amano group companies in Japan. We review the training materials annually to provide e-learning from the perspectives listed below and to ensure that all of the targeted employees complete the training during the designated time frame.
- Japan's Personal Information Protection Act and the PrivacyMark system
- Knowledge of and rules for information security management
- Specific safety management measures
- Risk management and emergency response
- Test to assess understanding of 1 through 4 above
*We use paper media (training documents) in the training program for factory employees who do not use PCs regularly.